8.0
高危
1 个模型检测该样本为恶意!
重新分析
更多

bd7d99e15081c7db76cf1661291c822b02f6fceb63e204e505b7ed72bddecab9

8c5db2c29622be60ff9cc9f4c4ccfef4.exe

分析耗时

90s

最近分析

文件大小

2.0MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee 20191230 6.0.6.653
CrowdStrike 20190702 1.0
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20191230 18.4.3895.0
Tencent 20191230 1.0.0.1
Kingsoft 20191230 2013.8.14.323
静态指标
Queries for the computername (2 个事件)
Time & API Arguments Status Return Repeated
1620970379.857501
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620970396.998501
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable has a PDB path (1 个事件)
pdb_path d:\buildserver-core\bs1\work-downloader-2-1\core-repository\branches\downloader-2-1\downloader\release\BlizzardDownloader.pdb
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620970377.263501
GlobalMemoryStatusEx
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name JPG
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Performs some HTTP requests (9 个事件)
request GET http://www.blizzard.com/downloads/starcraft2/sc2downloader.htm
request GET http://x.ss2.us/x.cer
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
request GET http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
request GET http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
request GET http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAFWs6htSjb%2BjEifUugKlYs%3D
request GET http://crl.rootca1.amazontrust.com/rootca1.crl
request GET http://crl.sca1b.amazontrust.com/sca1b.crl
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1620970388.591501
NtAllocateVirtualMemory
process_identifier: 2824
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x06240000
success 0 0
A process attempted to delay the analysis task. (1 个事件)
description 8c5db2c29622be60ff9cc9f4c4ccfef4.exe tried to sleep 163 seconds, actually delayed analysis time by 163 seconds
Creates a shortcut to an executable file (3 个事件)
file C:\Users\Administrator.Oskar-PC\Links\Desktop.lnk
file C:\Users\Administrator.Oskar-PC\Links\Downloads.lnk
file C:\Users\Administrator.Oskar-PC\Links\RecentPlaces.lnk
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)
Sophos Mal/Generic-S
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620970378.716501
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)
entropy 7.441304441225995 section {'size_of_data': '0x00021000', 'virtual_address': '0x000f8000', 'entropy': 7.441304441225995, 'name': '.rsrc', 'virtual_size': '0x00020cac'} description A section with a high entropy has been found
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 12.129.232.132
host 172.217.24.14
Disables proxy possibly for traffic interception (1 个事件)
Time & API Arguments Status Return Repeated
1620970378.044501
RegSetValueExA
key_handle: 0x00000308
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Attempts to create or modify system certificates (2 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620970381.310501
RegSetValueExA
key_handle: 0x000003f8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620970381.326501
RegSetValueExA
key_handle: 0x000003f8
value: à)²XH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620970381.326501
RegSetValueExA
key_handle: 0x000003f8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620970381.326501
RegSetValueExW
key_handle: 0x000003f8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620970381.326501
RegSetValueExA
key_handle: 0x000004e0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620970381.326501
RegSetValueExA
key_handle: 0x000004e0
value: à)²XH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620970381.326501
RegSetValueExA
key_handle: 0x000004e0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620970381.373501
RegSetValueExW
key_handle: 0x000003e0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620970444.482501
RegSetValueExA
key_handle: 0x000004a4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620970444.482501
RegSetValueExA
key_handle: 0x000004a4
value: 0!Õ×XH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620970444.482501
RegSetValueExA
key_handle: 0x000004a4
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620970444.482501
RegSetValueExW
key_handle: 0x000004a4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620970444.482501
RegSetValueExA
key_handle: 0x00000568
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620970444.482501
RegSetValueExA
key_handle: 0x00000568
value: 0!Õ×XH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620970444.482501
RegSetValueExA
key_handle: 0x00000568
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Network activity contains more than one unique useragent (2 个事件)
process 8c5db2c29622be60ff9cc9f4c4ccfef4.exe useragent Blizzard Web Client
process 8c5db2c29622be60ff9cc9f4c4ccfef4.exe useragent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)
dead_host 12.129.232.132:80
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2009-07-08 15:15:25

Imports

Library iphlpapi.dll:
0x4a3574 GetTcpTable
0x4a3578 GetAdaptersInfo
Library WININET.dll:
0x4a34bc HttpSendRequestA
0x4a34c0 InternetReadFile
0x4a34c4 HttpQueryInfoA
0x4a34c8 InternetReadFileExA
0x4a34d0 HttpOpenRequestA
0x4a34d4 InternetConnectA
0x4a34d8 InternetOpenA
0x4a34dc InternetSetOptionA
0x4a34e0 InternetCrackUrlA
0x4a34e8 InternetSetCookieA
0x4a34f0 InternetCloseHandle
Library VERSION.dll:
0x4a34ac GetFileVersionInfoA
0x4a34b4 VerQueryValueA
Library COMCTL32.dll:
0x4a3028
Library RPCRT4.dll:
0x4a3304 UuidCreate
Library WS2_32.dll:
0x4a34f8 sendto
0x4a34fc bind
0x4a3500 socket
0x4a3504 getsockname
0x4a3508 getsockopt
0x4a350c inet_addr
0x4a3510 WSACleanup
0x4a3514 listen
0x4a3518 gethostname
0x4a351c ntohs
0x4a3520 connect
0x4a3524 closesocket
0x4a3528 recv
0x4a352c send
0x4a3530 WSAGetLastError
0x4a3534 select
0x4a3538 __WSAFDIsSet
0x4a353c htons
0x4a3540 gethostbyname
0x4a3544 WSASetLastError
0x4a3548 WSAStartup
0x4a354c inet_ntoa
0x4a3550 htonl
0x4a3554 setsockopt
0x4a3558 ntohl
0x4a355c ioctlsocket
0x4a3560 accept
0x4a3564 getpeername
Library KERNEL32.dll:
0x4a30b0 GetTempFileNameA
0x4a30b8 WideCharToMultiByte
0x4a30bc MultiByteToWideChar
0x4a30c0 GetProcAddress
0x4a30c4 LoadLibraryA
0x4a30c8 CloseHandle
0x4a30cc SetFileAttributesA
0x4a30d0 GetDiskFreeSpaceExA
0x4a30d4 GetVersionExA
0x4a30d8 GetComputerNameA
0x4a30dc GetLastError
0x4a30e0 CreateEventA
0x4a30e4 GetCurrentProcessId
0x4a30e8 GetSystemInfo
0x4a30ec InterlockedExchange
0x4a30f0 OpenMutexA
0x4a30f4 WriteFile
0x4a30f8 SetEvent
0x4a30fc CompareStringA
0x4a3100 CompareStringW
0x4a3104 DeleteFileA
0x4a3108 CopyFileA
0x4a3110 CreateThread
0x4a3114 WaitForSingleObject
0x4a3118 CreateFileA
0x4a311c CreateMutexA
0x4a3120 GetModuleHandleA
0x4a3124 FreeLibrary
0x4a3128 MulDiv
0x4a312c GetFileSize
0x4a3130 GlobalFree
0x4a3134 GlobalAlloc
0x4a3138 FreeResource
0x4a313c SizeofResource
0x4a3140 LockResource
0x4a3144 LoadResource
0x4a3148 FindResourceA
0x4a314c GetCurrentThreadId
0x4a3150 GetConsoleCP
0x4a3154 GetFileType
0x4a3158 SetHandleCount
0x4a315c HeapCreate
0x4a3160 HeapDestroy
0x4a3164 HeapSize
0x4a3168 GetModuleFileNameA
0x4a316c GetCPInfo
0x4a3170 LCMapStringW
0x4a3174 LCMapStringA
0x4a3178 ExitThread
0x4a317c GetFullPathNameA
0x4a3180 GetStartupInfoA
0x4a3184 GetProcessHeap
0x4a3188 GetCommandLineA
0x4a318c HeapAlloc
0x4a3190 HeapReAlloc
0x4a3194 ExitProcess
0x4a319c HeapFree
0x4a31a4 TerminateProcess
0x4a31a8 RaiseException
0x4a31ac RtlUnwind
0x4a31b0 VirtualFree
0x4a31b4 VirtualAlloc
0x4a31b8 SetLastError
0x4a31bc SetFileTime
0x4a31c0 SetEndOfFile
0x4a31c4 RemoveDirectoryA
0x4a31c8 CreateDirectoryA
0x4a31cc GetShortPathNameA
0x4a31d0 FlushFileBuffers
0x4a31d4 FindFirstFileA
0x4a31d8 FindNextFileA
0x4a31dc FindClose
0x4a31e4 TlsSetValue
0x4a31e8 DuplicateHandle
0x4a31ec VirtualQuery
0x4a31f0 CreateProcessA
0x4a31fc MoveFileA
0x4a3200 GetFileAttributesA
0x4a3210 SetFilePointer
0x4a3214 ReadFile
0x4a3218 GetDiskFreeSpaceA
0x4a3220 TlsAlloc
0x4a3224 GetTempPathA
0x4a3234 GetCurrentThread
0x4a3238 GetTickCount
0x4a3240 SignalObjectAndWait
0x4a3244 TlsFree
0x4a3248 TlsGetValue
0x4a3250 GetThreadPriority
0x4a3254 SetThreadPriority
0x4a3258 Sleep
0x4a325c GlobalMemoryStatus
0x4a3260 GetConsoleMode
0x4a3264 GetACP
0x4a3268 GetOEMCP
0x4a326c IsValidCodePage
0x4a3270 SetStdHandle
0x4a3284 GetDriveTypeA
0x4a3288 GetLocaleInfoA
0x4a328c GetStringTypeA
0x4a3290 GetStringTypeW
0x4a3294 GetUserDefaultLCID
0x4a3298 GetExitCodeProcess
0x4a329c EnumSystemLocalesA
0x4a32a0 IsValidLocale
0x4a32a4 GetLocaleInfoW
0x4a32a8 WriteConsoleA
0x4a32b4 GetConsoleOutputCP
0x4a32b8 WriteConsoleW
0x4a32c0 GetThreadLocale
0x4a32c4 GetStdHandle
0x4a32d0 GetCurrentProcess
0x4a32d8 IsDebuggerPresent
Library USER32.dll:
0x4a3328 TrackPopupMenu
0x4a332c GetMenuItemInfoA
0x4a3330 GetMenuStringA
0x4a3334 GetMenuItemID
0x4a3338 IsMenu
0x4a333c DefWindowProcA
0x4a3340 GetWindowDC
0x4a3344 OffsetRect
0x4a3348 SetRect
0x4a334c InflateRect
0x4a3350 LoadMenuA
0x4a3354 LoadAcceleratorsA
0x4a3358 SetWindowsHookExA
0x4a335c GetMenuItemCount
0x4a3360 GetSubMenu
0x4a3364 IsIconic
0x4a3368 DrawIcon
0x4a336c DestroyMenu
0x4a3370 UnhookWindowsHookEx
0x4a3378 CallNextHookEx
0x4a337c GetDlgCtrlID
0x4a3380 GetClientRect
0x4a3384 GetSystemMetrics
0x4a3388 GetScrollInfo
0x4a3390 SetWindowPos
0x4a3394 CopyImage
0x4a3398 DrawTextA
0x4a339c EnumChildWindows
0x4a33a4 GetParent
0x4a33a8 SetPropA
0x4a33ac GetWindowLongA
0x4a33b0 GetCapture
0x4a33b4 SetCapture
0x4a33b8 ClientToScreen
0x4a33bc PtInRect
0x4a33c0 ReleaseCapture
0x4a33c4 LoadCursorA
0x4a33c8 SetCursor
0x4a33cc GetPropA
0x4a33d0 CallWindowProcA
0x4a33d4 RemovePropA
0x4a33d8 GetDesktopWindow
0x4a33dc LoadImageA
0x4a33e0 IsWindowVisible
0x4a33e4 EnableWindow
0x4a33e8 CreateDialogParamA
0x4a33ec BringWindowToTop
0x4a33f0 SetFocus
0x4a33f4 GetMenu
0x4a33f8 ModifyMenuA
0x4a33fc DialogBoxParamA
0x4a3400 SetForegroundWindow
0x4a3404 FillRect
0x4a3408 GetDC
0x4a340c ReleaseDC
0x4a3410 SetWindowLongA
0x4a3414 CheckDlgButton
0x4a3418 IsDlgButtonChecked
0x4a341c EndDialog
0x4a3420 MessageBoxA
0x4a3424 SetDlgItemTextA
0x4a3428 GetClassNameA
0x4a342c LoadIconA
0x4a3430 InvalidateRect
0x4a3434 GetWindowRect
0x4a3438 ScreenToClient
0x4a343c MoveWindow
0x4a3440 ShowWindow
0x4a3444 FindWindowA
0x4a3448 EnumWindows
0x4a344c SetWindowTextA
0x4a3454 PostMessageA
0x4a3458 IsWindow
0x4a345c GetDlgItem
0x4a3460 SendMessageA
0x4a3464 KillTimer
0x4a3468 SetTimer
0x4a346c GetWindowTextA
0x4a3470 wsprintfA
0x4a3474 GetFocus
0x4a3478 DrawFocusRect
0x4a347c BeginPaint
0x4a3480 EndPaint
0x4a3484 DestroyIcon
0x4a3488 IsZoomed
0x4a348c DestroyWindow
0x4a3490 CreateWindowExA
0x4a3494 DrawIconEx
0x4a3498 IsWindowEnabled
0x4a349c SetWindowRgn
0x4a34a0 TrackMouseEvent
Library GDI32.dll:
0x4a3030 SaveDC
0x4a3034 RestoreDC
0x4a3038 CreatePolygonRgn
0x4a303c GetTextColor
0x4a3044 BitBlt
0x4a3048 GetPixel
0x4a304c CreateRectRgn
0x4a3050 CreateEllipticRgn
0x4a3058 SelectClipRgn
0x4a305c ExcludeClipRect
0x4a3060 Rectangle
0x4a3064 CreatePen
0x4a3068 LineTo
0x4a306c GetDeviceCaps
0x4a3070 GetObjectA
0x4a3074 CreateFontIndirectA
0x4a3078 GetStockObject
0x4a307c SetBkMode
0x4a3080 SetBkColor
0x4a3084 SetTextColor
0x4a3088 CreateSolidBrush
0x4a308c SelectObject
0x4a3090 DeleteObject
0x4a3094 SetPixel
0x4a3098 CreateCompatibleDC
0x4a30a0 StretchBlt
0x4a30a4 DeleteDC
0x4a30a8 MoveToEx
Library comdlg32.dll:
0x4a356c GetSaveFileNameA
Library ADVAPI32.dll:
0x4a3000 RegCreateKeyExA
0x4a3004 RegSetValueExA
0x4a3008 RegDeleteKeyA
0x4a3010 RegQueryValueExA
0x4a3014 RegCloseKey
0x4a3018 RegEnumKeyExA
0x4a301c RegOpenKeyExA
0x4a3020 GetUserNameA
Library SHELL32.dll:
0x4a330c Shell_NotifyIconA
0x4a3318 ShellExecuteA
0x4a331c SHGetMalloc
0x4a3320 SHBrowseForFolderA
Library ole32.dll:
0x4a3584 CoCreateInstance
0x4a3588 CoInitialize
0x4a358c CoUninitialize
0x4a3590 OleCreate
0x4a3594 OleInitialize
Library OLEAUT32.dll:
0x4a32e8 VariantInit
0x4a32ec VariantClear
0x4a32f0 SysFreeString
0x4a32f4 OleLoadPicture
0x4a32f8 SysStringLen
0x4a32fc SysAllocString
Library MSIMG32.dll:
0x4a32e0 TransparentBlt

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49187 124.225.105.97 www.download.windowsupdate.com 80
192.168.56.101 49193 52.85.56.129 ocsp.rootg2.amazontrust.com 80
192.168.56.101 49198 52.85.56.130 crl.sca1b.amazontrust.com 80
192.168.56.101 49194 52.85.56.179 ocsp.rootg2.amazontrust.com 80
192.168.56.101 49192 52.85.56.180 o.ss2.us 80
192.168.56.101 49195 52.85.56.185 ocsp.sca1b.amazontrust.com 80
192.168.56.101 49197 52.85.56.49 crl.rootca1.amazontrust.com 80
192.168.56.101 49181 52.85.56.96 x.ss2.us 80
192.168.56.101 49178 54.64.224.24 www.blizzard.com 80
192.168.56.101 49179 54.64.224.24 www.blizzard.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 55331 114.114.114.114 53
192.168.56.101 57739 114.114.114.114 53
192.168.56.101 57995 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58333 114.114.114.114 53
192.168.56.101 59990 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 63921 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49710 224.0.0.252 5355
192.168.56.101 50047 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D 
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.rootca1.amazontrust.com
http://x.ss2.us/x.cer 
GET /x.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x.ss2.us
http://crl.rootca1.amazontrust.com/rootca1.crl 
GET /rootca1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.rootca1.amazontrust.com
http://crl.sca1b.amazontrust.com/sca1b.crl 
GET /sca1b.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.sca1b.amazontrust.com
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAFWs6htSjb%2BjEifUugKlYs%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAFWs6htSjb%2BjEifUugKlYs%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.sca1b.amazontrust.com
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 19 Apr 2021 20:17:25 GMT
If-None-Match: "80f8835935d71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D 
GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.ss2.us
http://www.blizzard.com/downloads/starcraft2/sc2downloader.htm 
GET /downloads/starcraft2/sc2downloader.htm HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.blizzard.com
Connection: Keep-Alive
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D 
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.rootg2.amazontrust.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.